码迷,mamicode.com
首页 > Web开发 > 详细

Penetration Test - Planning and Scoping(2)

时间:2020-07-19 23:58:22      阅读:117      评论:0      收藏:0      [点我收藏+]

标签:Plan   man   off   stand   osi   rms   hat   exec   ora   

Penetration Test - Planning and Scoping(2)

TARGET AUDIENCE AND ROE

  • Know your target audience
    • Who is sponsoring the pen test?
    • What is the purpose of the test?
  • Rules of engagement - governs the pen tester‘s activities
    • Schedule - start, stop, temporal restrictions
    • Team composition, location, access
  • Test scope
    • Technical/physical/personnel
    • Target limits (inclusion, invasiveness, etc.)

Communication - How, When, Why

COMMUNICATION ESCALATION PATH

  • Risks of pen testing
    • Crashing devices, services, whole servers
    • Corrupting data
    • Degrading performance
    • Terms of Service(TOS)/regulation/legislation violation
  • Communication escalation path
    • Who to contact if thins go wrong
    • Communication expectations(content, trigger, frequency)

QUICK REVIEW

  • Know who is sponsoring the pen test and why
  • Know what kind of tests can you execute and what is off-limits
  • Understand pen test risks
  • Plan to communicate and know who to call and when

Penetration Test - Planning and Scoping(2)

标签:Plan   man   off   stand   osi   rms   hat   exec   ora   

原文地址:https://www.cnblogs.com/keepmoving1113/p/13341306.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!